
System crashes ! my hijackthis log


Post by whisperer » June 14th, 2006, 1:43 pm

No thanks Freddy, I will be posting new instructions sometime tonight when I have finished my research.

Back soon

GT ;)
whisperer
Retired Graduate
 
Posts: 615
Joined: May 28th, 2005, 6:00 am
Location: Cornwall

Post by whisperer » June 15th, 2006, 2:50 am

Hi Freddy,

Well done for the Symantec scan; I would like to confirm its results with a log to check over. As Kaspersky is playing up, I would like you to try the free scan available from Panda and post me the log.

Thanks for the information concerning ActiveToolBand.dll. The company name is a well-known name in computer security; however, neither I nor my expert helpers can find any information on this file, so we will also submit this one for further analysis please. I will include it in the instructions below. Again, well done!

  1. Run Panda's ActiveScan and perform a full system scan.
    1. Once you are on the Panda site click the Scan your PC button.
    2. A new window will open...click the big Check Now button.
    3. Enter your Country
    4. Enter your State/Province.
    5. Enter your e-mail address.
    6. Select either Home User or Company.
    7. Click the big Scan Now button.
    8. Allow the ActiveX component to install and download the files required for the scan. This may take a couple of minutes.
    9. Click on Local Disks to start the scan.
    10. Upon scan completion, if anything malicious is detected, click See Report, then click Save Report and save it to your Desktop.
  2. Now I would like you to do a search for the rogue file. I will apologise now, but we must find and investigate that file, so I am going to spell out every element to ensure that we succeed.
    • Click Start and select Search
    • In the menu select For Files or Folders
    • From the menu on the left in the new window select All Files and Folders
    • Under All or Part of the filename type toolband.dll
    • Under Look-In select My Computer
    • Use the vertical scroll bar to find More advanced options, click if necessary to expand these options
    • Make sure there are ticks against
      • Search system folders
      • Search hidden files and folders
      • Search subfolders
    • Click the Search button
  3. There should only be the one file found with that exact name and extension
    • Right-Click the file and select Properties
    • As before please note the details, especially the Company Name and pass them in your next reply
    • From the menu bar at the top of the Search Results window
      • Select Tools and then Folder Options
      • In the new dialogue box select the View tab and place a tick in the box to the left of Display the full path in the title bar
      • Click Apply and then Apply to All Folders
      • Click Yes and then OK
    • Right-click the file again and choose the first option Open containing folder
  4. In the new window copy and write down the full address of the containing folder in the Address bar – It should be C:\WINDOWS\system32 and I will use that to continue. Please substitute the real address where applicable in the following instructions
  5. I would now like you to submit this file for further investigation to two specialist sites who will analyse it for us.
    1. First go to BleepingComputer
      • In the first box copy your thread identification
      • Right-click this URL http://www.malwareremoval.com/forum/viewtopic.php?t=10613 and select Copy Link location, now paste that into the box
      • Click the Browse button to the second window
        • Select My Computer from the left menu
        • In the window on the right double-click the disk with a (C) after it (Substitute if required from your written address)
        • Now scroll down to find the WINDOWS directory and double-click it (again substitute the written address element if required)
        • Finally locate the System32 directory and double-click to open (substitute if required)
        • In the File name window type ToolBand.dll and then select Open
        • In the large window enter as requested by Grinler/Whisperer
    2. Now go to VirusTotal
      • Right at the top select Browse.
      • As before, navigate to C:\WINDOWS\system32\, locate ToolBand.dll and click on the file. They will email you the response; please copy the results back to this thread
  6. Now, I would like you to submit ActiveToolband.dll to VirusTotal
  7. Please post in your next answer
    • The Panda log.
    • The two files' details from VirusTotal's emails

GT ;)
whisperer
Retired Graduate
 
Posts: 615
Joined: May 28th, 2005, 6:00 am
Location: Cornwall

Post by Freddy » June 15th, 2006, 5:53 am

Hi Whisperer...I understand that it is difficult to believe that the file is not showing up, but I followed your instructions literally two times and still the same. There's only one file with a similar name, it's in the same System 32 folder, but its name is ActiveToolBand.dll

Hidden files are being shown
Protected Operating System files are being shown
The search was done in "My Computer"

Just in case you wonder, I tell you that I DIDN'T tick the "Case sensitive" field in the search. So I see no mistake in what I did, the file isn't there or there is a trick.

I looked where you were seeing it in my hijackthis log:

O8 - Extra context menu item: &Sample Toolband Serach - res://C:\WINDOWS\system32\ToolBand.dll/MENUSEARCH.HTM

and just did a new scan with hijackthis and it is there, YES !!...
O8 - Extra context menu item: &Sample Toolband Serach - res://C:\WINDOWS\system32\ToolBand.dll/MENUSEARCH.HTM

I will come back later with your other requests, but ToolBand.dll stays invisible.
Freddy
Active Member
 
Posts: 11
Joined: June 8th, 2006, 1:36 pm
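The comparison Freddy describes above (an O8 entry that names a module the file search does not show) can be scripted; this is an added example, not part of the original thread. The function names, the O2 line and the directory listing are constructed for illustration; only the O8 line is taken from the post.

```python
import ntpath
import re

# O8 line shape taken from the log line quoted in the thread:
#   O8 - Extra context menu item: <label> - res://<module path>/<resource>
O8_RE = re.compile(
    r"^O8 - Extra context menu item: (.+?) - res://([^/]+)/(.+)$", re.IGNORECASE
)

def parse_o8(line):
    """Split a HijackThis O8 res:// entry into label, module path and resource."""
    m = O8_RE.match(line.strip())
    if m is None:
        return None
    label, module, resource = m.groups()
    return {"label": label, "module": module, "resource": resource}

def audit_o8(log_lines, dir_listing):
    """Compare each O8 module path with what a directory listing shows.

    dir_listing maps a folder path to the file names seen in it (for example
    from os.listdir on the affected machine). Windows names compare
    case-insensitively, so both sides are lower-cased.
    """
    index = {ntpath.normcase(d): names for d, names in dir_listing.items()}
    findings = []
    for line in log_lines:
        entry = parse_o8(line)
        if entry is None:
            continue
        folder, name = ntpath.split(entry["module"])
        names = index.get(ntpath.normcase(folder), [])
        wanted = name.lower()
        entry["present"] = any(n.lower() == wanted for n in names)
        # Names that merely contain the wanted name, as a partial-name search returns
        entry["similar"] = [n for n in names if wanted in n.lower() and n.lower() != wanted]
        findings.append(entry)
    return findings

# The O8 line is the one quoted in the thread; the O2 line and the listing are constructed.
SAMPLE_LOG = [
    r"O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000000} - C:\example\constructed.dll",
    r"O8 - Extra context menu item: &Sample Toolband Serach - res://C:\WINDOWS\system32\ToolBand.dll/MENUSEARCH.HTM",
]
SAMPLE_LISTING = {r"C:\WINDOWS\system32": ["ActiveToolBand.dll", "kernel32.dll"]}

if __name__ == "__main__":
    for f in audit_o8(SAMPLE_LOG, SAMPLE_LISTING):
        print(f["module"], "present:", f["present"], "similar:", f["similar"])
```

An entry reported as not present only says that the listing and the log disagree; it does not by itself say why the module is missing from the listing.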

Post by whisperer » June 15th, 2006, 10:22 am

:D Not a case of disbelief, more a case of not understanding how a file that is visible in HJT can then totally disappear using other tools.

Please ensure that the ActiveToolBand.dll goes up for investigation and I will seek further help to get to the bottom of this one.

When you have done the Panda and upload of files, do let me know how the computer is behaving now. We will overcome! :D

GT ;)
whisperer
Retired Graduate
 
Posts: 615
Joined: May 28th, 2005, 6:00 am
Location: Cornwall

Post by whisperer » June 22nd, 2006, 4:16 am

Hi Freddy,

I haven't heard from you for a week, hope that all is OK with you 'on board'.

GT ;)
whisperer
Retired Graduate
 
Posts: 615
Joined: May 28th, 2005, 6:00 am
Location: Cornwall

Post by Freddy » June 23rd, 2006, 1:48 pm

:D hi again !!!...connection to the outside world collapsed, nothing to do with this. Now back again.

I sent the file to the guys you asked.
Now I'm a little bit of a mess, will come back tomorrow and tell you what I did.

Cheers
Freddy
Active Member
 
Posts: 11
Joined: June 8th, 2006, 1:36 pm

Post by 'KotaGuy » July 3rd, 2006, 12:24 am

This topic is now closed due to inactivity. If you wish it reopened, please send us an email to 'admin at malwareremoval.com' with a link to your thread.

You can help support this site from this link:
Donations For Malware Removal

Do not bother contacting us if you are not the topic starter. A valid, working link to the closed topic is required along with the user name used. If the user name does not match the one in the thread linked, the email will be deleted.
'KotaGuy
Admin/Teacher Emeritus
 
Posts: 12472
Joined: April 7th, 2005, 7:06 pm
Location: Alberta, Canada